At first glance the room full of Homeland Security Advisory Council members looked like any other agency briefing. C-Span setting the stage for people to look good and say the right thing for the public record. Items such as we need to use a systematic risk management approach to funding and we should replace the word "Protection" with the word "Resiliency" were the highlights. And underneath, the audience was disturbed by the presentations because of it's lack of solid recommendations.
What happened later in the closed door session is where the rubber meets the road and serious work gets done. Yet the take away was this. After reading the 80 page report from the Private Sector Information Sharing Task Force there was one recommendation that stood out.
DHS should respond to private sector concerns about liability risks associated with sharing security information with DHS. This is why they recommend that the Critical Infrastructure Information Act (CIIA) should be fully implemented. If this could ever be clarfied and the legal counsels of the private sector gave it a major blessing then we would be well on our way to achieving a greater degree of safety, security and peace of mind.
In fact, Attachment D of the report goes so far as to list the categories of information that the government is seeking from the private sector on the critical infrastructure that they own. The number one item on the list is "Cyber Threats to U.S. Infrastructure". The number two item is "Terrorism".
It's no surprise that these are the two largest threats to the U.S. in the eyes of the task force.